US12256006B1ActiveUtility

API compliance verification based on a distributed ledger

86
Assignee: CISCO TECH INCPriority: Jun 16, 2022Filed: Jun 16, 2022Granted: Mar 18, 2025
Est. expiryJun 16, 2042(~15.9 yrs left)· nominal 20-yr term from priority
G06F 21/64H04L 67/02H04L 9/3239H04L 9/50H04L 67/133H04L 9/3213G06F 9/541G06F 9/547
86
PatentIndex Score
1
Cited by
42
References
20
Claims

Abstract

In one embodiment, a method by a first network apparatus includes receiving an authorization request from a user device redirected from a second network apparatus, generating an authorization response comprising a resource authorization token, and transmitting the resource authorization token to the user device and to a distributed ledger for storage, wherein the distributed ledger is a blockchain record.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A first network apparatus, comprising:
 one or more processors; and 
 one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the first network apparatus to perform operations comprising:
 receiving an authorization request from a user device redirected from a second network apparatus; 
 generating an authorization response comprising a resource authorization token; 
 transmitting the resource authorization token to the user device and to a distributed ledger for storage, wherein the distributed ledger is a blockchain record; 
 generating an access token in response to receiving the resource authorization token from the second network apparatus; and 
 transmitting the generated access token to the distributed ledger for storage, 
 
 wherein the user device is redirected based on a determination that an HTTP request header to access a resource did not comprise a session cookie, wherein the resource authorization token generated by the first network apparatus is stored and used as the session cookie in subsequent requests for accessing the resource, wherein the first network apparatus comprises an identity provider function operable to perform attribute-based access control. 
 
     
     
       2. The first network apparatus of  claim 1 , wherein the resource authorization token is a JavaScript Object Notation (JSON) Web Token provided through an Oauth protocol. 
     
     
       3. The first network apparatus of  claim 1 , wherein the resource authorization token indicates:
 at least one of a plurality of authorized actions for a user associated with the user device to perform while accessing the resource; and 
 a plurality of resources that the user is authorized to access. 
 
     
     
       4. The first network apparatus of  claim 1 , wherein the first network apparatus is configured to:
 authenticate a user associated with the user device; and 
 determine whether the user is authorized to access the resource using the user device, wherein the first network apparatus is an OpenID Connect (OIDC) compliant identity provider. 
 
     
     
       5. The first network apparatus of  claim 1 , wherein the resource authorization token is transmitted to the second network apparatus from the user device through an application programming interface (API) call. 
     
     
       6. The first network apparatus of  claim 1 , wherein the distributed ledger is configured to receive a request for access by an external server to assess operations allowed for a given user based on analyzing one or more resource authorization tokens stored in the distributed ledger. 
     
     
       7. The first network apparatus of  claim 5 , the operations further comprising transmitting the generated access token to the second network apparatus for utilization by the user device. 
     
     
       8. A method for service authentication based on storing authorization tokens on a distributed ledger, comprising:
 receiving an authorization request from a user device associated with a user redirected from a first network apparatus; 
 generating an authorization response comprising a resource authorization token; 
 transmitting the resource authorization token to the user device and to the distributed ledger for storage, wherein the distributed ledger is a blockchain record; 
 generating an access token in response to receiving the resource authorization token from the first network apparatus; and 
 transmitting the generated access token to the distributed ledger for storage, 
 wherein the user device is redirected based on a determination that an HTTP request header to access a resource did not comprise a session cookie, wherein the resource authorization token is generated by a second network apparatus and is stored and used as the session cookie in subsequent requests for accessing the resource, wherein the second network apparatus comprises an identity provider function operable to perform attribute-based access control. 
 
     
     
       9. The method of  claim 8 , wherein the resource authorization token is a JavaScript Object Notation (JSON) Web Token provided through an Oauth protocol. 
     
     
       10. The method of  claim 8 , wherein the resource authorization token indicates:
 at least one of a plurality of authorized actions for the user associated with the user device to perform while accessing the resource; and 
 a plurality of resources that the user is authorized to access. 
 
     
     
       11. The method of  claim 8 , further comprising:
 authenticating the user associated with the user device; and 
 determining whether the user is authorized to access the resource using the user device through the second network apparatus, wherein the second network apparatus is an OpenID Connect (OIDC) compliant identity provider. 
 
     
     
       12. The method of  claim 8 , wherein the resource authorization token is transmitted to the first network apparatus from the user device through an application programming interface (API) call. 
     
     
       13. The method of  claim 8 , wherein the distributed ledger is configured to receive a request for access by an external server to assess operations allowed for a given user based on analyzing one or more resource authorization tokens stored in the distributed ledger. 
     
     
       14. The method of  claim 12 , further comprising transmitting the generated access token to the first network apparatus for utilization by the user device. 
     
     
       15. A non-transitory computer-readable medium comprising instructions that are configured, when executed by a processor, to:
 receive an authorization request from a user device redirected from a first network apparatus; 
 generate an authorization response comprising a resource authorization token; 
 transmit the resource authorization token to the user device and to a distributed ledger for storage, wherein the distributed ledger is a blockchain record; 
 generate an access token in response to receiving the resource authorization token from the first network apparatus; 
 transmit the generated access token to the distributed ledger for storage; and 
 perform attribute-based access control via an identity provider function, 
 wherein the user device is redirected based on a determination that an HTTP request header to access a resource did not comprise a session cookie, wherein the generated resource authorization token is stored and used as the session cookie in subsequent requests for accessing the resource. 
 
     
     
       16. The non-transitory computer-readable medium of  claim 15 , wherein the resource authorization token is a JavaScript Object Notation (JSON) Web Token provided through an Oauth protocol. 
     
     
       17. The non-transitory computer-readable medium of  claim 15 , wherein the resource authorization token indicates:
 at least one of a plurality of authorized actions for a user associated with the user device to perform while accessing the resource; and 
 a plurality of resources that the user is authorized to access. 
 
     
     
       18. The non-transitory computer-readable medium of  claim 15 ,
 wherein the resource authorization token is transmitted to the first network apparatus from the user device through an application programming interface (API) call. 
 
     
     
       19. The non-transitory computer-readable medium of  claim 15 ,
 wherein the distributed ledger is configured to receive a request for access by an external server to assess operations allowed for a given user based on analyzing one or more resource authorization tokens stored in the distributed ledger. 
 
     
     
       20. The non-transitory computer-readable medium of  claim 18 , wherein the instructions are further configured to:
 transmit the generated access token to the first network apparatus for utilization by the user device.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.